Major Cybersecurity Threat: Over 9,000 Asus Routers Compromised by Persistent Botnet Attack

In a concerning development for network security, it has come to light that more than 9,000 Asus routers have fallen victim to a sophisticated botnet attack. Identified by the cybersecurity company GreyNoise in March 2025, this incident centers around a malicious entity known as “AyySSHush.”

What sets this attack apart is its use of existing vulnerabilities within the router’s authentication protocols, allowing unauthorized access to legitimate router functions. Once the intruders gain entry, they establish a persistent Secure Shell (SSH) backdoor within the router’s non-volatile memory (NVRAM). This is particularly troubling, as it means that the backdoor remains intact even after executing firmware updates or rebooting the device.

As a result, traditional methods for remedying such security breaches fall short of efficacy, leaving affected users in a precarious situation. The resilience of this backdoor emphasizes the need for heightened security measures and constant vigilance from manufacturers and consumers alike.

In light of this incident, it’s crucial for router users to assess their device security and keep an eye on official updates or guidance from Asus regarding this vulnerability. Ensuring that your network is fortified against potential threats has never been more important.